“This is a threat,” Jen Psaki, the White House press secretary, said Friday. “Anyone who uses these servers – whether they are government, private, academia – needs immediate action to fix it.”
Later on Friday, the cybersecurity agency and the security infrastructure highlighted the risk with an unusual language, stating in a tweet that malicious activities, if left unchecked, could be dangerous. “It allows attackers to control the entire network of the organization”
In a rare step, White House officials have urged private-sector organizations running localized Microsoft Exchange server software installations to install a number of important updates that are released to security experts. Of the information described as publishing an emergency fix program.
John Kirby, Secretary of the Pentagon News Agency, told reporters on Friday the Department of Defense was working to determine if it had been negatively affected by the vulnerability.
“We’re aware, and we’re evaluating,” Kirby said. “And that’s as far as I can get right now.”
But the malicious activities revealed this week were not related to the SolarWinds hack, Microsoft said on Tuesday.
Microsoft generally releases software updates on the second Tuesday of every month. But to indicate the seriousness of the threat, Microsoft has released a patch addressing a new vulnerability that was not detected a week earlier.
‘We urge network operators to take this matter seriously.’
“We urge the operators to take this matter seriously,” Psaki said of the statement. Management is concerned as “So many victims,” she added.
A Washington Think Tank worker told CNN that both her work and her personal email account were attacked by attackers. Microsoft sent her a warning that there was a foreign government behind AOL, sending a similar notification for personal accounts.
FBI agents then visited the person, who appeared on her doorstep, stressing that it was a sophisticated and sophisticated hack by a foreign government and an FBI investigation is underway across the country.
The attacker used unauthorized access to send email to that person’s contact. [the messages] In such a way that the recipient will not suspect that I am the sender. “The fraudulent email sent in that person’s name includes an invitation to a meeting that does not exist and refers to an article in her name and a book in the name of a colleague.” Which is written by them
Each message that person is accompanied by a link that asks the user to click.
The U.S. government’s unusual public response to the incident surprised many experts, reflecting both the Biden administration’s focus on cyber issues compared to Trump’s White House and Threat size
CNN’s Michael Conte and Oren Liebermann contributed to this report.